IT Support for Defence & Aerospace Supply Chain
Specialist managed IT services for defence contractors, aerospace suppliers, engineering firms, and government supply chain. BPSS cleared staff, UK data residency, and deep understanding of MOD cyber requirements.
Defence Supply Chain Cyber Requirements Are Getting Serious
If you're in the defence, aerospace, or government supply chain in the Thames Valley, you already know the landscape is changing. Prime contractors are flowing down cyber security requirements more aggressively than ever. MOD contracts now mandate specific security controls. And the consequences of getting it wrong aren't just failed audits—they're lost contracts and damaged relationships with primes.
Most MSPs don't understand this world. They've never heard of Def Stan 05-138, don't know the difference between DEFCON 658 and 659, and couldn't explain the Cyber Security Model risk profiles if their business depended on it.
We're different. Based in Reading, we work with defence and aerospace suppliers across Berkshire and the wider South East. We understand the compliance requirements being flowed down from primes, and build IT environments that pass supplier assurance questionnaires without scrambling at the last minute. Our cyber security services are specifically designed with regulated sectors in mind. Want to check your current posture? Try our free domain health check or compliance checker.
Defence & Aerospace Cyber Requirements
The frameworks, standards, and contract clauses you need to understand and comply with.
Cyber Security Model (CSM)
MOD StandardThe CSM replaced the Defence Cyber Protection Partnership (DCPP) as the MOD's approach to managing supply chain cyber risk. It assigns risk profiles from Very Low to Very High based on the sensitivity of information and systems you handle.
Def Stan 05-138
Defence StandardThe definitive MOD standard for cyber security in defence suppliers. Defines security requirements across people, processes, and technology. Increasingly referenced in contracts and supplier assurance questionnaires.
DEFCON 658 & 659
Contract ClausesStandard MOD contract clauses for cyber security. DEFCON 658 covers cyber risk management requirements, while DEFCON 659 addresses flow-down to subcontractors. If these are in your contract, you need compliant IT.
JOSCAR
Pre-QualificationJoint Supply Chain Accreditation Register—the common supplier pre-qualification system used by BAE Systems, Rolls-Royce, Leonardo, MBDA, and other major primes. Includes detailed cyber security questionnaires.
AS9100 / AS9110 / AS9120
Aerospace QualityAerospace quality management standards with specific IT and information security requirements. AS9100 for manufacturers, AS9110 for MRO, AS9120 for distributors. Your QMS needs compliant IT underpinning.
ITAR / EAR Awareness
Export ControlsUS export control regulations that apply if you handle US-origin defence articles or technical data. ITAR violations carry severe penalties. Your IT environment must prevent unauthorised foreign access.
Cyber Security Model Risk Profiles
The MOD's CSM assigns risk profiles based on the sensitivity of MOD information and systems you handle. Higher risk profiles require more stringent controls.
| Risk Profile | Typical Scenarios | Minimum Baseline |
|---|---|---|
| Very Low | No access to MOD information or systems | Basic cyber hygiene |
| Low | OFFICIAL information, no MOD system access | Cyber Essentials |
| Moderate | OFFICIAL-SENSITIVE, limited MOD connectivity | Cyber Essentials Plus |
| High | Critical systems, significant MOD integration | CE+ plus additional controls |
| Very High | National security implications, SECRET+ | Bespoke security regime |
IT Services Built for Defence Supply Chain
Everything you need to run secure, compliant IT operations that satisfy your primes and pass supplier audits.
Cyber Essentials & CE+ Certification
We manage your annual Cyber Essentials certification process, maintain compliant configurations year-round, and handle the technical evidence pack for auditors.
24/7 Security Monitoring
SOC partnership providing continuous threat detection, EDR across all endpoints, and rapid incident response with defined escalation procedures.
UK Data Residency
All data stays in UK jurisdiction. UK-based cloud infrastructure, UK backup locations, and no offshore support centres accessing your environment.
BPSS Cleared Staff
All UK-based staff hold BPSS clearance as standard. Where contracts require SC or DV clearance, we can support the sponsorship process through appropriate channels.
Compliance Documentation
We help you build and maintain the evidence packs, policy documents, and audit trails that primes and assessors require.
Secure Data Handling
OFFICIAL and OFFICIAL-SENSITIVE handling procedures, encryption at rest and in transit, secure disposal, and classification-aware access controls.
Backup & Disaster Recovery
UK-based encrypted backups, defined RTO/RPO targets, regular restore testing, and documented business continuity procedures.
Incident Response
Documented playbooks, severity-based escalation, client notification SLAs that meet prime contractor requirements, and post-incident reviews.
Supplier Questionnaire Support
We help you complete JOSCAR, prime-specific SAQs, and due diligence questionnaires with accurate, evidenced responses.
Why Defence Contractors Choose Us
Most MSPs treat defence like any other sector. We understand what makes it different.
We Speak Your Language
We understand CSM risk profiles, DEFCON clauses, JOSCAR questionnaires, and the difference between OFFICIAL and OFFICIAL-SENSITIVE. You won't need to explain basic concepts or translate requirements.
Already Compliant Ourselves
We're Cyber Essentials Plus certified, CAF aligned, and working toward ISO 27001. We don't just help you comply—we demonstrate compliance in our own operations.
UK Through and Through
British owned, UK-based staff only, UK data centres. No offshore support, no foreign parent company complications, no data leaving UK jurisdiction.
BPSS Cleared Team
Our UK-based staff already hold BPSS clearance. Where your contracts require SC or higher, we can work with you through the sponsorship process to obtain the necessary clearances.
Audit-Ready Documentation
We help you build and maintain the evidence packs that primes demand. When the supplier assurance questionnaire lands, you'll have the answers ready.
Aviation & CNI Background
Direct experience in aviation fuel and critical national infrastructure gives us practical understanding of high-consequence environments where security failures aren't just expensive—they're dangerous.
Security Credentials That Matter
We don't just help clients achieve compliance—we maintain the same standards ourselves. Based in Reading, we're well positioned to support the Thames Valley's significant defence and aerospace supply chain, from precision engineering firms to specialist component manufacturers serving the major primes.
Cyber Essentials Plus
Independently verified certification demonstrating we meet the government-backed standard for cyber security controls.
CAF Aligned
Our controls are mapped to the NCSC Cyber Assessment Framework, the standard used for assessing critical national infrastructure.
ISO 27001 (Feb 2026)
Currently implementing ISO 27001:2022 with certification planned for February 2026 to provide internationally recognised assurance.
UK Data Sovereignty
All client data remains in UK jurisdiction. UK-based cloud infrastructure with UK suppliers prioritised throughout our supply chain.
Common Questions
What defence contractors and aerospace suppliers typically ask us.
Discuss Your RequirementsRelated Services for Defence Suppliers
Our defence and aerospace IT support is built on a foundation of comprehensive managed services.
Cyber Security & Compliance
Cyber Essentials certification, ISO 27001 implementation, penetration testing, and ongoing security management.
Fully Managed IT Support
Complete IT department outsourcing with 24/7 monitoring, helpdesk support, and strategic IT management.
Backup & Disaster Recovery
UK-based encrypted backups, defined RTO/RPO targets, and tested business continuity procedures.
Cloud & Hosting
UK-based cloud infrastructure with guaranteed data residency. Azure, AWS, and private cloud options.
Ready to Strengthen Your Supply Chain Position?
Whether you're pursuing new MOD contracts, responding to prime contractor requirements, or preparing for supplier audits—we can help you build IT that meets the standard.
Microsoft Certified
Top 3 IT Services 2025